This policy defines organizational requirements for the use of cryptographic controls, as well as the requirements for cryptographic keys, in order to protect the confidentiality, integrity, authenticity and nonrepudiation of information.
This policy applies to all systems, equipment, facilities and information within the scope of Helpwise’s information security program.
All employees, contractors, part-time and temporary workers, service providers, and those employed by others to perform work on behalf of Helpwise having to do with cryptographic systems, algorithms, or keying material are subject to this policy and must comply with it.
This policy defines the high level objectives and implementation instructions for Helpwise’s use of cryptographic algorithms and keys. It is vital that Helpwise adopt a standard approach to cryptographic controls across all work centers in order to ensure end-to-end security, while also promoting interoperability. This document defines the specific algorithms approved for use, requirements for key management and protection, and requirements for using cryptography in cloud environments.
Name of System/Type of Information | Cryptographic Tool | Encryption Algorithm | Key Size |
---|---|---|---|
Public Key Infrastructure for Authentication | OpenSSL | AES-256 | 256-bit key |
Data Encryption Keys | OpenSSL | AES-256 | 256-bit key |
Virtual Private Network (VPN) keys | OpenSSL and OpenVPN | AES-256 | 256-bit key |
Website SSL Certificate | OpenSSL, CERT | RSA | 2048-bit key |
Table 1: Cryptographic Controls
Last updated: 2nd November 2021